Azure AD B2C Support #175
Comments
I am also interested in this.
I'd love this as well!
For applications, we can use this provider to create an application in the B2C directory. The key point is that you must manually create a service principal and use this service principal to create an application in the B2C directory with Terraform. The example is below.
Do we have any plan to support Azure Active Directory B2C? We can use the azuread provider to create an application in the B2C directory. We also need support for the following:
For now, the Microsoft Graph beta API is in preview and supports managing Trust Framework policies and user flows. For details, refer to the trustFrameworkPolicy resource type and the UserFlow resource type.
Would love this too!
Unfortunately, at the moment the Azure SDK for Go doesn't support MS Graph, so we can't yet manage B2C policies or user flows. You should, however, as mentioned by @hhao01-becls, now be able to manage B2C applications using the
When creating a new application in B2C there is the option under Supported Account Types for "Accounts in any organizational directory or any identity provider. For authenticating users with Azure AD B2C." I know that azuread_application has the param I am playing around with this and will update here if I find anything further.
Edit: It appears this is a limitation of the current Go SDK, which is not using the Microsoft Graph API. With Graph you can configure an application like:
https://docs.microsoft.com/en-us/graph/api/resources/application?view=graph-rest-beta
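The set-up described in @hhao01-becls's comment above (a service principal created by hand in the B2C tenant, then azuread_application for the app registration) together with the Supported Account Types setting discussed in the comment just above, as an added example. This is not code from the thread or from the provider's documentation. Assumed: the variable names, display name and redirect URI; azuread provider 2.x or later, which accepts the full set of sign_in_audience values; a service principal in the B2C tenant that has already been granted the Application.ReadWrite.All Microsoft Graph application permission with admin consent (Application.ReadWrite.OwnedBy is the narrower choice if the principal only has to manage applications it creates); and the client_id argument name, which older 2.x releases call application_id.

```hcl
# Added example, not from the issue thread or the azuread provider docs.
# Assumes a B2C tenant (var.b2c_tenant_id) and a service principal created
# by hand in that tenant (var.sp_client_id / var.sp_client_secret) that holds
# the Application.ReadWrite.All Graph application permission.
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = ">= 2.0"
    }
  }
}

variable "b2c_tenant_id" {
  type = string
}

variable "sp_client_id" {
  type = string
}

variable "sp_client_secret" {
  type      = string
  sensitive = true
}

# Point the provider at the B2C tenant, not at the workforce tenant that
# owns the Azure subscription. The credentials belong to the manually
# created service principal inside the B2C tenant.
provider "azuread" {
  tenant_id     = var.b2c_tenant_id
  client_id     = var.sp_client_id
  client_secret = var.sp_client_secret
}

# Well-known app IDs, used to look up the Microsoft Graph service principal
# in this tenant and the IDs of its delegated scopes.
data "azuread_application_published_app_ids" "well_known" {}

data "azuread_service_principal" "msgraph" {
  client_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
}

resource "azuread_application" "b2c_web" {
  display_name = "example-b2c-web" # assumed name

  # This is the Graph value behind the portal option "Accounts in any
  # identity provider or organizational directory (for authenticating users
  # with user flows)". Any other value produces an app that user flows
  # will not issue tokens for.
  sign_in_audience = "AzureADandPersonalMicrosoftAccount"

  web {
    redirect_uris = ["https://app.example.com/signin-oidc"] # assumed URI

    # Leave the implicit grant disabled and use the authorization code flow;
    # enable id_token_issuance_enabled only for the hybrid flow.
    implicit_grant {
      access_token_issuance_enabled = false
      id_token_issuance_enabled     = false
    }
  }

  # openid + offline_access are the delegated Graph scopes a B2C user flow
  # expects the application to request.
  required_resource_access {
    resource_app_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph

    resource_access {
      id   = data.azuread_service_principal.msgraph.oauth2_permission_scope_ids["openid"]
      type = "Scope"
    }

    resource_access {
      id   = data.azuread_service_principal.msgraph.oauth2_permission_scope_ids["offline_access"]
      type = "Scope"
    }
  }
}

# The application also needs a service principal in the B2C tenant before a
# user flow can sign users into it.
resource "azuread_service_principal" "b2c_web" {
  client_id = azuread_application.b2c_web.client_id
}

output "b2c_web_client_id" {
  value = azuread_application.b2c_web.client_id
}
```

The manually created service principal's secret is the one long-lived credential in this arrangement, so keep it out of state-adjacent files and prefer a short rotation period; everything else here is recreated by Terraform from that principal's permissions.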
This would be great!
Btw.
Would this scenario be enabled by the 2.0 milestone? Currently I get
Support for all values for
@manicminer I know 2.0 isn't released yet, but can I use a dev version now with a different
Hi @jashby44, we don't have a pre-release build; however, you should be able to build it locally from
There are now APIs for creating AD B2C tenants programmatically, so is the "upstream" issue tag fixed, or is it still pending the Azure SDK for Go?
@jrasanen Thanks for pointing this out! As this is a Resource Manager API, the corresponding resource to create/manage a B2C tenant and its subscription association will be implemented in the AzureRM provider. The AzureAD provider will implement any resources which can be managed via Microsoft Graph (or potentially any future B2C-specific APIs), to manage the constructs within a B2C tenant. I have opened an issue to track this: hashicorp/terraform-provider-azurerm#13396
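The split described in the maintainer's reply above, with tenant creation on the Resource Manager side, as an added example that is not code from the thread or from the azurerm issue it links. Assumed: the azurerm_aadb2c_directory resource name, its arguments and the tenant_id attribute as they appear in current azurerm releases (check the registry docs for the version you use), the resource group and location, and a domain_name that is globally unique; country_code and data_residency_location must be one of the pairs Azure supports together.

```hcl
# Added example, not from the issue thread. Creates the B2C tenant itself with
# the azurerm provider; resource and attribute names are assumed to match
# current azurerm releases.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "b2c" {
  name     = "rg-b2c-example" # assumed name
  location = "westeurope"     # assumed location
}

resource "azurerm_aadb2c_directory" "example" {
  resource_group_name     = azurerm_resource_group.b2c.name
  domain_name             = "exampleb2ctenant.onmicrosoft.com" # assumed, must be unique
  display_name            = "Example B2C"
  country_code            = "US"
  data_residency_location = "United States"
  sku_name                = "PremiumP1"
}

# Hand this to the azuread provider (tenant_id) once a service principal has
# been created inside the new tenant; the tenant's own objects cannot be
# managed through the subscription's workforce-tenant credentials.
output "b2c_tenant_id" {
  value = azurerm_aadb2c_directory.example.tenant_id
}
```

Creating the tenant does not bootstrap a principal inside it: the first service principal in the new B2C tenant still has to be created manually (or by an administrator signed into that tenant) before a second Terraform configuration using the azuread provider can manage applications there.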
Linked or not: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_policy
Does the above allow for the definition of custom policies via their own XML files? @hhao01-becls the Microsoft Graph client has apparently been upgraded to support the upload of policies. It is used in GitHub Actions workflows, which sound like an acceptable alternative if Terraform cannot write these custom policies.
Hi @manicminer! Would you be open to accepting a PR for adding support for the B2C UserFlow resource to this provider (https://learn.microsoft.com/en-us/graph/api/resources/b2cidentityuserflow?view=graph-rest-beta)? I see that azuread uses https://github.com/manicminer/hamilton/tree/main/msgraph as the Microsoft Graph API client, but the client doesn't support the B2C UserFlow related Graph APIs.
@jarifibrahim We would definitely like to support this; however, we are first looking to implement support in the provider for pinning, or otherwise asserting, the API version, due to this resource only being available in the beta API at this time. We are not currently looking to use the official SDK(s).
@manicminer is there an ETA on how long it would take to add support for pinning a version?
May I ask why? I am happy to add support for user flows to https://github.com/manicminer/hamilton/tree/main/msgraph as well.
Edit: Created manicminer/hamilton#179 for adding B2C User Flow API support.
Is there any possibility to create User Flows and generic OIDC Identity Providers in a B2C tenant at this time?
@manicminer I saw a PR for user flow that got incorrectly marked as being released in version 2.35, but it was apparently never merged; any reason why that one was closed? I was looking forward to it. Can you shed some light on the status, please? AFAIC support is there in the hamilton library.
@ilmax Great question! Apologies, I closed that PR but forgot to update the milestone or post an explanatory comment. I've added that now, please see #1009 (comment)
Azure AD B2C will probably be superseded by Entra External ID for customers in the future and it looks like most of the effort goes into that instead of AD B2C. Also, Entra ID for customers seems to have proper APIs for configuration and fortunately dropped the whole Identity Experience Framework in favour of a more modern hook system called authentication extensions. |
* add app IDs for Front Door
* remove punctuation symbols
* Fix syntax errors
Co-authored-by: Tom Bamford <tom@bamford.io>
Entra External ID looks nice, but AD B2C will be supported by MS until at least May 2030 (https://learn.microsoft.com/en-us/entra/external-id/customers/faq-customers#whats-happening-to-azure-ad-b2c-and-azure-ad-external-identities). Migrating from AD B2C is far from trivial, at least for now. Also, External ID still lacks many features and will require time to catch up with AD B2C. Until then both existing and new deployments will benefit from support in Terraform. In particular, #715 feels like the most obviously missing.
Does this provider support Azure AD B2C? If not, what provider can I use to support Azure AD B2C?